Although not as tortured as the anguished Howard Beale, Phil Dunkelberger is as "mad as hell," expressing irritation over how he couldn't gain access to his e-mail on a recent trip to Germany because his Internet service provider wouldn't authenticate him from abroad. Despite spending two hours pleading on the phone with his ISP, Dunkelberger couldn't access his messages on his laptop computer, meaning the business executive from California couldn't get to important documents attached to his e-mails.

Dunkelberger's problem isn't unique. And Dunkelberger isn't just any businessman; he's chief executive of security vendor Nok Nok Labs. If such a problem exasperates Dunkelberger, it's bound to frustrate others. Now, Dunkelberger has facts to show that consumers share his aggravation.

A survey conducted of consumers in the United States, Britain and Germany by the Ponemon Institute for Nok Nok Labs, and released April 17, confirms the frustration users have with authentication. More than 60 percent of respondents say they've been locked out of Internet sites, and about half add it took a long time to reset a username or password. Some 70 percent of respondents in the U.S. and U.K. gripe that passwords are too long or complex (only about half of Germans express similar annoyances).

The survey also reveals willingness of consumers to accept other authentication factors beyond username and password, even if they require more work on their part.

Dunkelberger says the survey results suggest that consumers are more willing to try new forms of authentication than the industry had assumed. "There are a lot of secure elements out there, from biometrics to a number of different types of tokens," he says. "The consumer is saying they will use those things if they were made available and trusted. There are some perception differences between industry and the consumer and the consumer is far more knowledgeable than maybe industry and some other folks really have given them credit for."

The survey polled some 1,924 consumers in the three nations (754, U.S.; 569, U.K.; 601, Germany), and finds they don't:

Larry Ponemon, who heads the research firm that conducted the survey, says consumers in each country have different favorite forms of secondary authentication: Americans like using messages received on their mobile devices; British favor identity cards; and Germans prefer biometrics.

"There's an appetite for multi-purpose identity credentials to use for payments, to get into secure places like an airport," Ponemon says. "In general, people like that idea of not having one password or one username per website for something that's secure but could be used for different sundry purposes, both physical and logical."

About the Author

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.